package com.ant.backstage.config.filter;

import com.ant.backstage.facade.ApiReturn;
import com.ant.backstage.facade.code.ApiReturnCode;
import com.ant.backstage.facade.model.Authentication;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.Optional;

//自定义shiro 权限过滤器
public class AuthenticationFilter extends AuthorizationFilter {


    @Override
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object o) throws Exception {
        ApiReturn notAuthorized = new ApiReturn();
        // 请求前置 过滤
        HttpServletRequest req = (HttpServletRequest) servletRequest;
        HttpServletResponse resp = (HttpServletResponse) servletResponse;
        resp.setCharacterEncoding("utf-8");
        String uri = req.getRequestURI();
        Authentication authInfo = LoadAuthentication.getAuthInfo(uri); //接口权限信息对象

        if (!Optional.ofNullable(authInfo).isPresent()) {
            notAuthorized.setApiReturnCode(ApiReturnCode.NO_PERMISSION);
            return false;
        }

        return false;
    }


}
